Oral surgery leaders are paying close attention to emerging cybersecurity threats in the wake of an industry warning from the FBI.
The FBI issued a warning to the American Dental Association and the American Association of Oral and Maxillofacial Surgeons in May regarding a credible cybersecurity threat toward oral surgery practices.
Attackers often use social engineering scams including phishing, smishing and vishing to gain access to protected health information.
Becker's has reported on several data security incidents affecting dental practices across various specialties in recent years, including oral surgery practices. Bay Oral Surgery & Implant Center, which has three locations in Wisconsin, experienced a data breach in April that resulted in protected health information being exposed. Burke, Va.-based Northern Virginia Oral, Maxillofacial and Implant Surgery was hit with a cyberattack in March when an unknown criminal acquired certain files that may have involved personal or protected health information.
Southlake, Texas-based Allied OMS COO Ryan Graham told Becker's that Allied OMS had already been taking the rise in cybersecurity risks seriously after the Change Healthcare hack in April and other cybersecurity incidents affecting large healthcare companies.
"The FBI warning increased our expectation that we would be tested sooner rather than later," Mr. Graham said. "Since the announcement, we have pushed through updated training modules, double-checked that security protocols were properly set up and shared some of the more recent types of scams targeting practices. We try to use news like this to remind our practices to be diligent, as we rely on team members to notice any attacks that get past our software and hardware measures."
U.S. Oral Surgery Management CIO Chad Ehmke told Becker's that strong cybersecurity tactics were already a main priority for his organization, and the FBI's warning confirmed just how critical these measures are.
Mr. Ehmke and his team previously thwarted an attempted cybersecurity attack last year when it detected malicious activity on its systems.
"Our partner practices are as well-prepared as you can be," Mr. Ehmke said. "Our partnership with Cytek helps us to monitor our partner practices and alerts us right away if there are issues. Oral surgery practices that do not have a security partner are at a very high risk of falling prey to a successful attack."
Mr. Ehmke noted USOSM's message to everyone at its organization after the FBI's warning was to remain vigilant and use caution when responding to emails, which is a primary method for cyberattacks.
"Once they develop an attack vector, they will use it over and over again until someone figures out how to stop them. In this specific case, they found a clever way of compromising the systems of a specialty practice, and then they started going after all specialties, not just oral surgery," Mr. Ehmke said.
Mr. Graham said attackers could target oral surgery practices because their fast-paced and compassionate nature could make it easy to overlook red flags. He added that many practices could be "highly vulnerable" to attacks.
Mr. Graham recommended oral surgery practices use a firm that tracks the latest threats and manages cybersecurity full time, vet current providers for cybersecurity credentials and consider external audits to confirm the effectiveness of cybersecurity measures. He also said staff should engage in periodic training and obtain insurance.
"I think practice preparedness is all over the board," he said. "What’s more concerning is that many practices might not realize they are vulnerable as they believe their IT provider is protecting them. Often, an MSP doesn’t provide cybersecurity, or only provides basic cyber services that don’t prevent the sophisticated attacks we have been witnessing."